[Snort-users] When Upgrading Breaks Auto Rule Management
eoin.miller at ...14586...
Thu Apr 28 12:10:22 EDT 2011
Finally got around to trying to use my oinkcode and all this automated
razzamatazz with my new Snort 188.8.131.52 sensors I am building. Trying out
pulledpork, supply my Oinkcode in the conf that I just pulled from
https://www.snort.org/account/oinkcode, and whenever I tried to use it,
it always bombs out and gives me a 403.
# pulledpork.pl -c pulledpork.conf
Checking latest MD5 for snortrules-snapshot-2905.tar.gz....
A 403 error occurred, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and
other configuration options
Error 403 when fetching
/<REDACTEDFILEPATH>/pulledpork.pl line 453
'https://www.snort.org/reg-rules/') called at /opt/bcs/bin/pulledpork.pl
Then it occurred to me, go to the site and check if 184.108.40.206 rules are
available yet for registered users and after reviewing that site and the
SourceFire blog, it was clear that 30 days have not passed yet. Is it
possible to get some kind of place holder to pull down the 220.127.116.11
version of the rules until the 18.104.22.168 rules are available? Otherwise if
users roll out a new sensor within the first 30 days of a new Snort
version being released, their VRT auto rule updating will break until
the 30 days has expired.
More information about the Snort-users